FireHost Security View Reveals Attacks on Customer Sites

Customers can see all malicious attacks attempted on their sites on the FireHost platform through the Security View graphical interface on the customer dashboard.

Firehost added a Security View feature to its customer
portal to give IT managers a detailed overview of the types of attacks hitting
their systems, the secure hosting provider said Feb. 1.
FireHost uses a variety of virtualization technologies to
protect customers from hacking attempts, malware and other attacks, the company
said. The attacks were being blocked so effectively that customers asked, "Am I
still getting attacked?" Chris Drake, CEO and founder of FireHost, told eWEEK.
"We are opening the curtain and inviting our customers to see how well we
protect their websites," he said.

The Security View is a new tab on the dashboard, which provides
real-time server metrics, such as storage usage, backups, processor
performance, memory usage and bandwidth consumption. The new tab lists all
attempts made on the customer's Web sites and applications by type of attack,
date, and originating region, Drake said. The attacks can be seen on a per IP
address level, giving customers with several systems on the FireHost platform a
clear picture of what the attackers are targeting, according to Drake.

Site owners and administrators can see the top eight attack
types that hit the site, and apply filters to get more information, Drake said.
The types include SQL injection, botnets, forged cross-site requests, illegal
requests, directory traversal, cross-site scripting, e-mail hoarding, untrusted
robots and others. There are two broader buckets called "malicious attacks" and
"illegal requests," as well.
Through the dashboard, the administrator can see how many
attacks of a specific type were attempted in an hour, day, week, month, or
year. While the information is available in hourly increments, the information
rolls up for larger blocks of time, Drake said. When looking at the daily
graph, the attempts will be broken out by the hour, but a monthly report would
aggregate the counts into the number of attempts per week, he said.
FireHost was automatically saving the attack data. But now
it retrieves the data to provide customers with up to a full year of historic
data in Security View, according to Drake.
The information is currently available only through the
dashboard, but the company will be rolling out the ability to schedule e-mail
reports within the next week or two, Drake said. Once the report scheduler is
in place, administrators won't even need to log onto the portal to see the
detailed information about the type of attacks that had been blocked.
Security View will build "awareness" among customers so
that they don't "get lazy about security," Drake said. Many companies don't
realize how many hackers attempt to breach their Web sites and applications on
a daily basis, he said. He mentioned one customer, a small e-commerce site, who'd
been part of the beta test and was surprised at the amount of SQL injection
attacks attempted on the site. "We told him, -You have credit card numbers in
your database. Of course you are a target.' They need to understand why they
are a threat," he said.
FireHost will also be rolling out the ability to define
trusted and not trusted regions in "60 to 90 days," Drake said. Security View
can currently display the originating region of the attack. The new capability
would allow administrators to preemptively block traffic from certain regions.
"If you aren't doing business in Russia, then you don't need any traffic coming
from Russia," Drake said. Anyone in the region that has been flagged as
untrusted by the customer will not be able to access the site at all, and be
unable to send any attacks, he said.
Security View gives customers the information they need
to understand and appreciate what is going on in the environment, Drake said.